Departing from traditional cybersecurity practices
Justine Bone, CEO of MedSec, provides an overview of what MedSec has accomplished within the past 2 years, and gives insight into the implications behind its research on St. Jude Medical's implantable devices.Our company was founded by security researchers who wish to apply their expertise to the healthcare industry. For the past 18 months, our team has been quietly evaluating the security of various medical devices.
As a result of our research to date, one company, St Jude Medical, has stood out as lagging far behind. For years this company has continued to put patients at risk by profiting from the sale of devices and a device eco-system which has little to no built-in security. We believe St Jude Medical has known about security problems in their products since at least 2013, but it is apparent from the lack of security protections or mechanisms in their product line that very little action has been taken.
In order to help address patient safety, we have chosen to depart from standard cyber security operating procedures in order to bring this to the public’s attention and to ensure that St Jude Medical responds appropriately and with urgency. We have shared our research with an investment firm, Muddy Waters Capital, that is helping us deliver this message.
The time has come for us to re-think the way cyber security is managed. We acknowledge that our departure from traditional cyber security practices will draw criticism, but we believe this is the only way to spur St Jude Medical into action. Most importantly, we believe that both potential and existing patients have a right to know about their risks. Consumers need to start demanding transparency from these device manufacturers, especially as it applies to the quality and functionality of their products.
Justine Bone. CEO, MedSec.